npm - @corbat-tech/coco - Versions diffs - 1.2.0 → 1.2.3 - Mend

@corbat-tech/coco 1.2.0 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli/index.js CHANGED Viewed

@@ -4,13 +4,13 @@ import { homedir } from 'os';
 import * as path20 from 'path';
 import path20__default, { join, dirname, basename } from 'path';
 import * as fs19 from 'fs';
-import fs19__default, { readFileSync, existsSync, constants } from 'fs';
+import fs19__default, { readFileSync, constants } from 'fs';
 import * as fs22 from 'fs/promises';
 import fs22__default, { writeFile, access, readFile, mkdir, readdir, rm } from 'fs/promises';
+import chalk12 from 'chalk';
+import * as p9 from '@clack/prompts';
 import { Command } from 'commander';
 import { fileURLToPath, URL as URL$1 } from 'url';
-import * as p9 from '@clack/prompts';
-import chalk12 from 'chalk';
 import JSON5 from 'json5';
 import { z } from 'zod';
 import * as crypto from 'crypto';
@@ -21,6 +21,7 @@ import * as http from 'http';
 import { execFile, exec, execSync, execFileSync, spawn } from 'child_process';
 import { promisify } from 'util';
 import { GoogleGenerativeAI, FunctionCallingMode } from '@google/generative-ai';
+import stringWidth from 'string-width';
 import ansiEscapes3 from 'ansi-escapes';
 import * as readline from 'readline';
 import { execa } from 'execa';
@@ -45,6 +46,8 @@ import { glob } from 'glob';
 import { simpleGit } from 'simple-git';
 import { parse } from '@typescript-eslint/typescript-estree';
 import 'events';
+import { Marked } from 'marked';
+import { markedTerminal } from 'marked-terminal';
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -279,8 +282,8 @@ __export(trust_store_exports, {
   saveTrustStore: () => saveTrustStore,
   updateLastAccessed: () => updateLastAccessed
 });
-async function ensureDir(path37) {
-  await mkdir(dirname(path37), { recursive: true });
+async function ensureDir(path39) {
+  await mkdir(dirname(path39), { recursive: true });
 }
 async function loadTrustStore(storePath = TRUST_STORE_PATH) {
   try {
@@ -358,8 +361,8 @@ function canPerformOperation(store, projectPath, operation) {
   };
   return permissions[level]?.includes(operation) ?? false;
 }
-function normalizePath(path37) {
-  return join(path37);
+function normalizePath(path39) {
+  return join(path39);
 }
 function createTrustStore(storePath = TRUST_STORE_PATH) {
   let store = null;
@@ -451,6 +454,149 @@ var init_trust_store = __esm({
     TRUST_STORE_PATH = CONFIG_PATHS.projects;
   }
 });
+function getAllowedPaths() {
+  return [...sessionAllowedPaths];
+}
+function isWithinAllowedPath(absolutePath, operation) {
+  const normalizedTarget = path20__default.normalize(absolutePath);
+  for (const entry of sessionAllowedPaths) {
+    const normalizedAllowed = path20__default.normalize(entry.path);
+    if (normalizedTarget === normalizedAllowed || normalizedTarget.startsWith(normalizedAllowed + path20__default.sep)) {
+      if (operation === "read") return true;
+      if (entry.level === "write") return true;
+    }
+  }
+  return false;
+}
+function addAllowedPathToSession(dirPath, level) {
+  const absolute = path20__default.resolve(dirPath);
+  if (sessionAllowedPaths.some((e) => path20__default.normalize(e.path) === path20__default.normalize(absolute))) {
+    return;
+  }
+  sessionAllowedPaths.push({
+    path: absolute,
+    authorizedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    level
+  });
+}
+function removeAllowedPathFromSession(dirPath) {
+  const absolute = path20__default.resolve(dirPath);
+  const normalized = path20__default.normalize(absolute);
+  const before = sessionAllowedPaths.length;
+  sessionAllowedPaths = sessionAllowedPaths.filter((e) => path20__default.normalize(e.path) !== normalized);
+  return sessionAllowedPaths.length < before;
+}
+async function loadAllowedPaths(projectPath) {
+  currentProjectPath = path20__default.resolve(projectPath);
+  const store = await loadStore();
+  const entries = store.projects[currentProjectPath] ?? [];
+  for (const entry of entries) {
+    addAllowedPathToSession(entry.path, entry.level);
+  }
+}
+async function persistAllowedPath(dirPath, level) {
+  if (!currentProjectPath) return;
+  const absolute = path20__default.resolve(dirPath);
+  const store = await loadStore();
+  if (!store.projects[currentProjectPath]) {
+    store.projects[currentProjectPath] = [];
+  }
+  const entries = store.projects[currentProjectPath];
+  const normalized = path20__default.normalize(absolute);
+  if (entries.some((e) => path20__default.normalize(e.path) === normalized)) {
+    return;
+  }
+  entries.push({
+    path: absolute,
+    authorizedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    level
+  });
+  await saveStore(store);
+}
+async function removePersistedAllowedPath(dirPath) {
+  if (!currentProjectPath) return false;
+  const absolute = path20__default.resolve(dirPath);
+  const normalized = path20__default.normalize(absolute);
+  const store = await loadStore();
+  const entries = store.projects[currentProjectPath];
+  if (!entries) return false;
+  const before = entries.length;
+  store.projects[currentProjectPath] = entries.filter((e) => path20__default.normalize(e.path) !== normalized);
+  if (store.projects[currentProjectPath].length < before) {
+    await saveStore(store);
+    return true;
+  }
+  return false;
+}
+async function loadStore() {
+  try {
+    const content = await fs22__default.readFile(STORE_FILE, "utf-8");
+    return { ...DEFAULT_STORE, ...JSON.parse(content) };
+  } catch {
+    return { ...DEFAULT_STORE };
+  }
+}
+async function saveStore(store) {
+  try {
+    await fs22__default.mkdir(path20__default.dirname(STORE_FILE), { recursive: true });
+    await fs22__default.writeFile(STORE_FILE, JSON.stringify(store, null, 2), "utf-8");
+  } catch {
+  }
+}
+var STORE_FILE, DEFAULT_STORE, sessionAllowedPaths, currentProjectPath;
+var init_allowed_paths = __esm({
+  "src/tools/allowed-paths.ts"() {
+    init_paths();
+    STORE_FILE = path20__default.join(CONFIG_PATHS.home, "allowed-paths.json");
+    DEFAULT_STORE = {
+      version: 1,
+      projects: {}
+    };
+    sessionAllowedPaths = [];
+    currentProjectPath = "";
+  }
+});
+// src/cli/repl/allow-path-prompt.ts
+var allow_path_prompt_exports = {};
+__export(allow_path_prompt_exports, {
+  promptAllowPath: () => promptAllowPath
+});
+async function promptAllowPath(dirPath) {
+  const absolute = path20__default.resolve(dirPath);
+  console.log();
+  console.log(chalk12.yellow("  \u26A0 Access denied \u2014 path is outside the project directory"));
+  console.log(chalk12.dim(`  \u{1F4C1} ${absolute}`));
+  console.log();
+  const action = await p9.select({
+    message: "Grant access to this directory?",
+    options: [
+      { value: "session-write", label: "\u2713 Allow write (this session)" },
+      { value: "session-read", label: "\u25D0 Allow read-only (this session)" },
+      { value: "persist-write", label: "\u26A1 Allow write (remember for this project)" },
+      { value: "persist-read", label: "\u{1F4BE} Allow read-only (remember for this project)" },
+      { value: "no", label: "\u2717 Deny" }
+    ]
+  });
+  if (p9.isCancel(action) || action === "no") {
+    return false;
+  }
+  const level = action.includes("read") ? "read" : "write";
+  const persist = action.startsWith("persist");
+  addAllowedPathToSession(absolute, level);
+  if (persist) {
+    await persistAllowedPath(absolute, level);
+  }
+  const levelLabel = level === "write" ? "write" : "read-only";
+  const persistLabel = persist ? " (remembered)" : "";
+  console.log(chalk12.green(`  \u2713 Access granted: ${levelLabel}${persistLabel}`));
+  return true;
+}
+var init_allow_path_prompt = __esm({
+  "src/cli/repl/allow-path-prompt.ts"() {
+    init_allowed_paths();
+  }
+});
 function findPackageJson() {
   let dir = dirname(fileURLToPath(import.meta.url));
   for (let i = 0; i < 10; i++) {
@@ -609,8 +755,8 @@ Generated by Corbat-Coco v0.1.0
 // src/cli/commands/init.ts
 function registerInitCommand(program2) {
-  program2.command("init").description("Initialize a new Corbat-Coco project").argument("[path]", "Project directory path", ".").option("-t, --template <template>", "Project template to use").option("-y, --yes", "Skip prompts and use defaults").option("--skip-discovery", "Skip the discovery phase (use existing spec)").action(async (path37, options) => {
-    await runInit(path37, options);
+  program2.command("init").description("Initialize a new Corbat-Coco project").argument("[path]", "Project directory path", ".").option("-t, --template <template>", "Project template to use").option("-y, --yes", "Skip prompts and use defaults").option("--skip-discovery", "Skip the discovery phase (use existing spec)").action(async (path39, options) => {
+    await runInit(path39, options);
   });
 }
 async function runInit(projectPath, options) {
@@ -689,18 +835,18 @@ async function gatherProjectInfo() {
     language
   };
 }
-function getDefaultProjectInfo(path37) {
-  const name = path37 === "." ? "my-project" : path37.split("/").pop() || "my-project";
+function getDefaultProjectInfo(path39) {
+  const name = path39 === "." ? "my-project" : path39.split("/").pop() || "my-project";
   return {
     name,
     description: "",
     language: "typescript"
   };
 }
-async function checkExistingProject(path37) {
+async function checkExistingProject(path39) {
   try {
-    const fs39 = await import('fs/promises');
-    await fs39.access(`${path37}/.coco`);
+    const fs41 = await import('fs/promises');
+    await fs41.access(`${path39}/.coco`);
     return true;
   } catch {
     return false;
@@ -7648,20 +7794,20 @@ async function createCliPhaseContext(projectPath, _onUserInput) {
     },
     tools: {
       file: {
-        async read(path37) {
-          const fs39 = await import('fs/promises');
-          return fs39.readFile(path37, "utf-8");
+        async read(path39) {
+          const fs41 = await import('fs/promises');
+          return fs41.readFile(path39, "utf-8");
         },
-        async write(path37, content) {
-          const fs39 = await import('fs/promises');
+        async write(path39, content) {
+          const fs41 = await import('fs/promises');
           const nodePath = await import('path');
-          await fs39.mkdir(nodePath.dirname(path37), { recursive: true });
-          await fs39.writeFile(path37, content, "utf-8");
+          await fs41.mkdir(nodePath.dirname(path39), { recursive: true });
+          await fs41.writeFile(path39, content, "utf-8");
         },
-        async exists(path37) {
-          const fs39 = await import('fs/promises');
+        async exists(path39) {
+          const fs41 = await import('fs/promises');
           try {
-            await fs39.access(path37);
+            await fs41.access(path39);
             return true;
           } catch {
             return false;
@@ -7900,16 +8046,16 @@ async function loadTasks(_options) {
   ];
 }
 async function checkProjectState() {
-  const fs39 = await import('fs/promises');
+  const fs41 = await import('fs/promises');
   let hasProject = false;
   let hasPlan = false;
   try {
-    await fs39.access(".coco");
+    await fs41.access(".coco");
     hasProject = true;
   } catch {
   }
   try {
-    await fs39.access(".coco/planning/backlog.json");
+    await fs41.access(".coco/planning/backlog.json");
     hasPlan = true;
   } catch {
   }
@@ -8013,24 +8159,24 @@ function getPhaseStatusForPhase(phase) {
   return "in_progress";
 }
 async function loadProjectState(cwd, config) {
-  const fs39 = await import('fs/promises');
-  const path37 = await import('path');
-  const statePath = path37.join(cwd, ".coco", "state.json");
-  const backlogPath = path37.join(cwd, ".coco", "planning", "backlog.json");
-  const checkpointDir = path37.join(cwd, ".coco", "checkpoints");
+  const fs41 = await import('fs/promises');
+  const path39 = await import('path');
+  const statePath = path39.join(cwd, ".coco", "state.json");
+  const backlogPath = path39.join(cwd, ".coco", "planning", "backlog.json");
+  const checkpointDir = path39.join(cwd, ".coco", "checkpoints");
   let currentPhase = "idle";
   let metrics;
   let sprint;
   let checkpoints = [];
   try {
-    const stateContent = await fs39.readFile(statePath, "utf-8");
+    const stateContent = await fs41.readFile(statePath, "utf-8");
     const stateData = JSON.parse(stateContent);
     currentPhase = stateData.currentPhase || "idle";
     metrics = stateData.metrics;
   } catch {
   }
   try {
-    const backlogContent = await fs39.readFile(backlogPath, "utf-8");
+    const backlogContent = await fs41.readFile(backlogPath, "utf-8");
     const backlogData = JSON.parse(backlogContent);
     if (backlogData.currentSprint) {
       const tasks = backlogData.tasks || [];
@@ -8052,7 +8198,7 @@ async function loadProjectState(cwd, config) {
   } catch {
   }
   try {
-    const files = await fs39.readdir(checkpointDir);
+    const files = await fs41.readdir(checkpointDir);
     checkpoints = files.filter((f) => f.endsWith(".json")).sort().reverse();
   } catch {
   }
@@ -8188,8 +8334,8 @@ async function restoreFromCheckpoint(_checkpoint) {
 }
 async function checkProjectExists() {
   try {
-    const fs39 = await import('fs/promises');
-    await fs39.access(".coco");
+    const fs41 = await import('fs/promises');
+    await fs41.access(".coco");
     return true;
   } catch {
     return false;
@@ -8728,12 +8874,12 @@ async function loadConfig2() {
   };
 }
 async function saveConfig(config) {
-  const fs39 = await import('fs/promises');
-  await fs39.mkdir(".coco", { recursive: true });
-  await fs39.writeFile(".coco/config.json", JSON.stringify(config, null, 2));
+  const fs41 = await import('fs/promises');
+  await fs41.mkdir(".coco", { recursive: true });
+  await fs41.writeFile(".coco/config.json", JSON.stringify(config, null, 2));
 }
-function getNestedValue(obj, path37) {
-  const keys = path37.split(".");
+function getNestedValue(obj, path39) {
+  const keys = path39.split(".");
   let current = obj;
   for (const key of keys) {
     if (current === null || current === void 0 || typeof current !== "object") {
@@ -8743,8 +8889,8 @@ function getNestedValue(obj, path37) {
   }
   return current;
 }
-function setNestedValue(obj, path37, value) {
-  const keys = path37.split(".");
+function setNestedValue(obj, path39, value) {
+  const keys = path39.split(".");
   let current = obj;
   for (let i = 0; i < keys.length - 1; i++) {
     const key = keys[i];
@@ -8965,8 +9111,8 @@ var MCPRegistryImpl = class {
   /**
    * Ensure directory exists
    */
-  async ensureDir(path37) {
-    await mkdir(dirname(path37), { recursive: true });
+  async ensureDir(path39) {
+    await mkdir(dirname(path39), { recursive: true });
   }
 };
 function createMCPRegistry(registryPath) {
@@ -9485,9 +9631,9 @@ function createEmptyMemoryContext() {
     errors: []
   };
 }
-function createMissingMemoryFile(path37, level) {
+function createMissingMemoryFile(path39, level) {
   return {
-    path: path37,
+    path: path39,
     level,
     content: "",
     sections: [],
@@ -9571,10 +9717,12 @@ When the user asks you to do something, follow this process:
 - Always verify your work by reading files after editing or running tests after changes
 - You can use multiple tools together for complex tasks
 - When uncertain which tool to use, check the full list above
+- **Never** add "Co-Authored-By", "Generated by", or any AI attribution to commits, code comments, documentation, or PR descriptions. All output must read as if written by the developer.
 ## File Access
 File operations are restricted to the project directory by default.
-If a tool fails with "outside project directory", tell the user to run \`/allow-path <directory>\` to grant access to that directory. Do NOT retry the operation until the user has granted access.
+When you need to access a path outside the project, use the **authorize_path** tool first \u2014 it will ask the user for permission interactively. Once authorized, proceed with the file operation.
+If a file tool fails with "outside project directory", the system will automatically prompt the user to authorize the path and retry. You do NOT need to tell the user to run any command manually.
 ## Output Formatting Rules
@@ -12178,8 +12326,8 @@ async function listTrustedProjects2(trustStore) {
   p9.log.message("");
   for (const project of projects) {
     const level = project.approvalLevel.toUpperCase().padEnd(5);
-    const path37 = project.path.length > 50 ? "..." + project.path.slice(-47) : project.path;
-    p9.log.message(`  [${level}] ${path37}`);
+    const path39 = project.path.length > 50 ? "..." + project.path.slice(-47) : project.path;
+    p9.log.message(`  [${level}] ${path39}`);
     p9.log.message(`      Last accessed: ${new Date(project.lastAccessed).toLocaleString()}`);
   }
   p9.log.message("");
@@ -13349,7 +13497,7 @@ async function getCheckpoint(session, checkpointId) {
   return store.checkpoints.find((cp) => cp.id === checkpointId) ?? null;
 }
 async function restoreFiles(checkpoint, excludeFiles) {
-  const fs39 = await import('fs/promises');
+  const fs41 = await import('fs/promises');
   const restored = [];
   const failed = [];
   for (const fileCheckpoint of checkpoint.files) {
@@ -13357,7 +13505,7 @@ async function restoreFiles(checkpoint, excludeFiles) {
       continue;
     }
     try {
-      await fs39.writeFile(fileCheckpoint.filePath, fileCheckpoint.originalContent, "utf-8");
+      await fs41.writeFile(fileCheckpoint.filePath, fileCheckpoint.originalContent, "utf-8");
       restored.push(fileCheckpoint.filePath);
     } catch (error) {
       const message = error instanceof Error ? error.message : "Unknown error";
@@ -13439,8 +13587,8 @@ function displayRewindResult(result) {
     const fileName = filePath.split("/").pop() ?? filePath;
     console.log(`${chalk12.green(String.fromCodePoint(10003))} Restored: ${fileName}`);
   }
-  for (const { path: path37, error } of result.filesFailed) {
-    const fileName = path37.split("/").pop() ?? path37;
+  for (const { path: path39, error } of result.filesFailed) {
+    const fileName = path39.split("/").pop() ?? path39;
     console.log(`${chalk12.red(String.fromCodePoint(10007))} Failed: ${fileName} (${error})`);
   }
   if (result.conversationRestored) {
@@ -14873,8 +15021,8 @@ function formatToolSummary(toolName, input) {
       return String(input.path || ".");
     case "search_files": {
       const pattern = String(input.pattern || "");
-      const path37 = input.path ? ` in ${input.path}` : "";
-      return `"${pattern}"${path37}`;
+      const path39 = input.path ? ` in ${input.path}` : "";
+      return `"${pattern}"${path39}`;
     }
     case "bash_exec": {
       const cmd = String(input.command || "");
@@ -15176,106 +15324,8 @@ var copyCommand = {
   }
 };
-// src/tools/allowed-paths.ts
-init_paths();
-var STORE_FILE = path20__default.join(CONFIG_PATHS.home, "allowed-paths.json");
-var DEFAULT_STORE = {
-  version: 1,
-  projects: {}
-};
-var sessionAllowedPaths = [];
-var currentProjectPath = "";
-function getAllowedPaths() {
-  return [...sessionAllowedPaths];
-}
-function isWithinAllowedPath(absolutePath, operation) {
-  const normalizedTarget = path20__default.normalize(absolutePath);
-  for (const entry of sessionAllowedPaths) {
-    const normalizedAllowed = path20__default.normalize(entry.path);
-    if (normalizedTarget === normalizedAllowed || normalizedTarget.startsWith(normalizedAllowed + path20__default.sep)) {
-      if (operation === "read") return true;
-      if (entry.level === "write") return true;
-    }
-  }
-  return false;
-}
-function addAllowedPathToSession(dirPath, level) {
-  const absolute = path20__default.resolve(dirPath);
-  if (sessionAllowedPaths.some((e) => path20__default.normalize(e.path) === path20__default.normalize(absolute))) {
-    return;
-  }
-  sessionAllowedPaths.push({
-    path: absolute,
-    authorizedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    level
-  });
-}
-function removeAllowedPathFromSession(dirPath) {
-  const absolute = path20__default.resolve(dirPath);
-  const normalized = path20__default.normalize(absolute);
-  const before = sessionAllowedPaths.length;
-  sessionAllowedPaths = sessionAllowedPaths.filter((e) => path20__default.normalize(e.path) !== normalized);
-  return sessionAllowedPaths.length < before;
-}
-async function loadAllowedPaths(projectPath) {
-  currentProjectPath = path20__default.resolve(projectPath);
-  const store = await loadStore();
-  const entries = store.projects[currentProjectPath] ?? [];
-  for (const entry of entries) {
-    addAllowedPathToSession(entry.path, entry.level);
-  }
-}
-async function persistAllowedPath(dirPath, level) {
-  if (!currentProjectPath) return;
-  const absolute = path20__default.resolve(dirPath);
-  const store = await loadStore();
-  if (!store.projects[currentProjectPath]) {
-    store.projects[currentProjectPath] = [];
-  }
-  const entries = store.projects[currentProjectPath];
-  const normalized = path20__default.normalize(absolute);
-  if (entries.some((e) => path20__default.normalize(e.path) === normalized)) {
-    return;
-  }
-  entries.push({
-    path: absolute,
-    authorizedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    level
-  });
-  await saveStore(store);
-}
-async function removePersistedAllowedPath(dirPath) {
-  if (!currentProjectPath) return false;
-  const absolute = path20__default.resolve(dirPath);
-  const normalized = path20__default.normalize(absolute);
-  const store = await loadStore();
-  const entries = store.projects[currentProjectPath];
-  if (!entries) return false;
-  const before = entries.length;
-  store.projects[currentProjectPath] = entries.filter((e) => path20__default.normalize(e.path) !== normalized);
-  if (store.projects[currentProjectPath].length < before) {
-    await saveStore(store);
-    return true;
-  }
-  return false;
-}
-async function loadStore() {
-  try {
-    const content = await fs22__default.readFile(STORE_FILE, "utf-8");
-    return { ...DEFAULT_STORE, ...JSON.parse(content) };
-  } catch {
-    return { ...DEFAULT_STORE };
-  }
-}
-async function saveStore(store) {
-  try {
-    await fs22__default.mkdir(path20__default.dirname(STORE_FILE), { recursive: true });
-    await fs22__default.writeFile(STORE_FILE, JSON.stringify(store, null, 2), "utf-8");
-  } catch {
-  }
-}
 // src/cli/repl/commands/allow-path.ts
+init_allowed_paths();
 var BLOCKED_SYSTEM_PATHS = [
   "/etc",
   "/var",
@@ -16253,6 +16303,7 @@ function createInputHandler(_session) {
   let tempLine = "";
   let lastMenuLines = 0;
   let lastCursorRow = 0;
+  let lastContentRows = 1;
   let isFirstRender = true;
   let isPasting = false;
   let pasteBuffer = "";
@@ -16304,7 +16355,12 @@ function createInputHandler(_session) {
         output += chalk12.dim.gray(ghost);
       }
     }
+    const totalContentLen = prompt.visualLen + currentLine.length;
+    const contentRows = totalContentLen === 0 ? 1 : Math.ceil(totalContentLen / termCols);
+    const contentExactFill = totalContentLen > 0 && totalContentLen % termCols === 0;
+    output += (contentExactFill ? "" : "\n") + separator;
     const showMenu = completions.length > 0 && currentLine.startsWith("/") && currentLine.length >= 1;
+    let extraLinesBelow = 0;
     if (showMenu) {
       const cols = getColumnCount();
       const maxVisibleItems = MAX_ROWS * cols;
@@ -16323,9 +16379,11 @@ function createInputHandler(_session) {
         output += "\n";
         output += chalk12.dim(`  \u2191 ${startIndex} more above`);
         lastMenuLines++;
+        extraLinesBelow++;
       }
       for (let row = 0; row < rowCount; row++) {
         output += "\n";
+        extraLinesBelow++;
         for (let col = 0; col < cols; col++) {
           const itemIndex = row * cols + col;
           if (itemIndex >= visibleItems.length) break;
@@ -16344,22 +16402,22 @@ function createInputHandler(_session) {
         output += "\n";
         output += chalk12.dim(`  \u2193 ${completions.length - endIndex} more below`);
         lastMenuLines++;
+        extraLinesBelow++;
       }
-      for (let i = 0; i < BOTTOM_MARGIN; i++) {
-        output += "\n";
-      }
-      output += ansiEscapes3.cursorUp(lastMenuLines + BOTTOM_MARGIN + 1);
     } else {
       lastMenuLines = 0;
-      for (let i = 0; i < BOTTOM_MARGIN; i++) {
-        output += "\n";
-      }
-      output += ansiEscapes3.cursorUp(BOTTOM_MARGIN + 1);
     }
+    for (let i = 0; i < BOTTOM_MARGIN; i++) {
+      output += "\n";
+      extraLinesBelow++;
+    }
+    const totalUp = extraLinesBelow + 1 + contentRows;
+    output += ansiEscapes3.cursorUp(totalUp);
     output += ansiEscapes3.cursorDown(1);
     const cursorAbsolutePos = prompt.visualLen + cursorPos;
-    const finalLine = Math.floor(cursorAbsolutePos / termCols);
-    const finalCol = cursorAbsolutePos % termCols;
+    const onExactBoundary = cursorAbsolutePos > 0 && cursorAbsolutePos % termCols === 0;
+    const finalLine = onExactBoundary ? cursorAbsolutePos / termCols - 1 : Math.floor(cursorAbsolutePos / termCols);
+    const finalCol = onExactBoundary ? 0 : cursorAbsolutePos % termCols;
     output += "\r";
     if (finalLine > 0) {
       output += ansiEscapes3.cursorDown(finalLine);
@@ -16368,10 +16426,15 @@ function createInputHandler(_session) {
       output += ansiEscapes3.cursorForward(finalCol);
     }
     lastCursorRow = finalLine;
+    lastContentRows = contentRows;
     process.stdout.write(output);
   }
   function clearMenu() {
-    process.stdout.write(ansiEscapes3.eraseDown);
+    const rowsDown = lastContentRows - lastCursorRow + 1;
+    if (rowsDown > 0) {
+      process.stdout.write(ansiEscapes3.cursorDown(rowsDown));
+    }
+    process.stdout.write("\r" + ansiEscapes3.eraseDown);
     lastMenuLines = 0;
   }
   function insertTextAtCursor(text9) {
@@ -16395,6 +16458,7 @@ function createInputHandler(_session) {
         tempLine = "";
         lastMenuLines = 0;
         lastCursorRow = 0;
+        lastContentRows = 1;
         isFirstRender = true;
         render();
         if (process.stdin.isTTY) {
@@ -16537,9 +16601,7 @@ function createInputHandler(_session) {
               currentLine = completions[selectedCompletion].cmd;
             }
             cleanup();
-            const termWidth = process.stdout.columns || 80;
             console.log();
-            console.log(chalk12.dim("\u2500".repeat(termWidth)));
             const result = currentLine.trim();
             if (result) {
               sessionHistory.push(result);
@@ -18014,38 +18076,9 @@ function extractDeniedPath(error) {
   const match = error.match(/Use \/allow-path (.+?) to grant access/);
   return match?.[1] ?? null;
 }
-async function promptAllowPath(dirPath) {
-  const absolute = path20__default.resolve(dirPath);
-  console.log();
-  console.log(chalk12.yellow("  \u26A0 Access denied \u2014 path is outside the project directory"));
-  console.log(chalk12.dim(`  \u{1F4C1} ${absolute}`));
-  console.log();
-  const action = await p9.select({
-    message: "Grant access to this directory?",
-    options: [
-      { value: "session-write", label: "\u2713 Allow write (this session)" },
-      { value: "session-read", label: "\u25D0 Allow read-only (this session)" },
-      { value: "persist-write", label: "\u26A1 Allow write (remember for this project)" },
-      { value: "persist-read", label: "\u{1F4BE} Allow read-only (remember for this project)" },
-      { value: "no", label: "\u2717 Deny" }
-    ]
-  });
-  if (p9.isCancel(action) || action === "no") {
-    return false;
-  }
-  const level = action.includes("read") ? "read" : "write";
-  const persist = action.startsWith("persist");
-  addAllowedPathToSession(absolute, level);
-  if (persist) {
-    await persistAllowedPath(absolute, level);
-  }
-  const levelLabel = level === "write" ? "write" : "read-only";
-  const persistLabel = persist ? " (remembered)" : "";
-  console.log(chalk12.green(`  \u2713 Access granted: ${levelLabel}${persistLabel}`));
-  return true;
-}
 // src/cli/repl/agent-loop.ts
+init_allow_path_prompt();
 async function executeAgentTurn(session, userMessage, provider, toolRegistry, options = {}) {
   resetLineBuffer();
   addMessage(session, { role: "user", content: userMessage });
@@ -18329,6 +18362,7 @@ function formatAbortSummary(executedTools) {
   }
   return summary;
 }
+init_allowed_paths();
 var SENSITIVE_PATTERNS = [
   /\.env(?:\.\w+)?$/,
   // .env, .env.local, etc.
@@ -19192,7 +19226,8 @@ function truncateOutput(output, maxLength = 5e4) {
 [Output truncated - ${output.length - maxLength} more characters]`;
 }
 function getGit(cwd) {
-  return simpleGit(cwd ?? process.cwd());
+  const baseDir = cwd ?? process.cwd();
+  return simpleGit({ baseDir });
 }
 var gitStatusTool = defineTool({
   name: "git_status",
@@ -19553,9 +19588,11 @@ var gitTools = [
   gitInitTool
 ];
 function generateSimpleCommitMessage() {
+  const cwd = process.cwd();
   try {
     const diff = execSync("git diff --cached --name-only", {
       encoding: "utf-8",
+      cwd,
       stdio: ["pipe", "pipe", "ignore"]
     });
     const files = diff.trim().split("\n").filter(Boolean);
@@ -19591,6 +19628,7 @@ var checkProtectedBranchTool = defineTool({
     try {
       const branch = execSync("git rev-parse --abbrev-ref HEAD", {
         encoding: "utf-8",
+        cwd: process.cwd(),
         stdio: ["pipe", "pipe", "ignore"]
       }).trim();
       const protected_branches = ["main", "master", "develop", "production"];
@@ -19626,7 +19664,7 @@ var simpleAutoCommitTool = defineTool({
   async execute(input) {
     try {
       try {
-        execSync("git diff --cached --quiet", { stdio: "ignore" });
+        execSync("git diff --cached --quiet", { cwd: process.cwd(), stdio: "ignore" });
         return {
           stdout: "",
           stderr: "No staged changes to commit",
@@ -19638,6 +19676,7 @@ var simpleAutoCommitTool = defineTool({
       const message = input.message || generateSimpleCommitMessage();
       execSync(`git commit -m "${message}"`, {
         encoding: "utf-8",
+        cwd: process.cwd(),
         stdio: "pipe"
       });
       return {
@@ -20306,10 +20345,10 @@ var CoverageAnalyzer = class {
       join(this.projectPath, ".coverage", "coverage-summary.json"),
       join(this.projectPath, "coverage", "lcov-report", "coverage-summary.json")
     ];
-    for (const path37 of possiblePaths) {
+    for (const path39 of possiblePaths) {
       try {
-        await access(path37, constants.R_OK);
-        const content = await readFile(path37, "utf-8");
+        await access(path39, constants.R_OK);
+        const content = await readFile(path39, "utf-8");
         const report = JSON.parse(content);
         return parseCoverageSummary(report);
       } catch {
@@ -24491,9 +24530,17 @@ Examples:
   }
 });
 var diffTools = [showDiffTool];
-async function fileExists(path37) {
+async function fileExists(filePath) {
+  try {
+    await fs22__default.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function fileExists2(path39) {
   try {
-    await access(path37);
+    await access(path39);
     return true;
   } catch {
     return false;
@@ -24508,7 +24555,7 @@ async function dirHasFiles(dir) {
   }
 }
 async function detectMaturity(cwd) {
-  const hasPackageJson = await fileExists(join(cwd, "package.json"));
+  const hasPackageJson = await fileExists2(join(cwd, "package.json"));
   if (!hasPackageJson) {
     const otherManifests = [
       "go.mod",
@@ -24521,7 +24568,7 @@ async function detectMaturity(cwd) {
     ];
     let hasAnyManifest = false;
     for (const m of otherManifests) {
-      if (await fileExists(join(cwd, m))) {
+      if (await fileExists2(join(cwd, m))) {
         hasAnyManifest = true;
         break;
       }
@@ -24562,7 +24609,7 @@ async function detectMaturity(cwd) {
     cwd,
     ignore: ["node_modules/**", "dist/**", "build/**"]
   });
-  const hasCI = await fileExists(join(cwd, ".github/workflows")) && await dirHasFiles(join(cwd, ".github/workflows"));
+  const hasCI = await fileExists2(join(cwd, ".github/workflows")) && await dirHasFiles(join(cwd, ".github/workflows"));
   const lintConfigs = [
     ".eslintrc.js",
     ".eslintrc.json",
@@ -24575,7 +24622,7 @@ async function detectMaturity(cwd) {
   ];
   let hasLintConfig = false;
   for (const config of lintConfigs) {
-    if (await fileExists(join(cwd, config))) {
+    if (await fileExists2(join(cwd, config))) {
       hasLintConfig = true;
       break;
     }
@@ -24583,7 +24630,7 @@ async function detectMaturity(cwd) {
   if (!hasLintConfig && hasPackageJson) {
     try {
       const pkgRaw = await import('fs/promises').then(
-        (fs39) => fs39.readFile(join(cwd, "package.json"), "utf-8")
+        (fs41) => fs41.readFile(join(cwd, "package.json"), "utf-8")
       );
       const pkg = JSON.parse(pkgRaw);
       if (pkg.scripts?.lint || pkg.scripts?.["lint:fix"]) {
@@ -24628,7 +24675,8 @@ var SECURITY_PATTERNS2 = [
     regex: /console\.(log|debug|info)\(/,
     severity: "minor",
     category: "best-practice",
-    message: "Remove console.log \u2014 use structured logging instead"
+    message: "Remove console.log \u2014 use structured logging instead",
+    excludePaths: /\/(cli|repl|bin|scripts)\//
   }
 ];
 var CORRECTNESS_PATTERNS = [
@@ -24708,6 +24756,7 @@ function analyzePatterns(diff) {
       for (const line of hunk.lines) {
         if (line.type !== "add") continue;
         for (const pattern of ALL_PATTERNS) {
+          if (pattern.excludePaths?.test(file.path)) continue;
           if (pattern.regex.test(line.content)) {
             findings.push({
               file: file.path,
@@ -24724,7 +24773,8 @@ function analyzePatterns(diff) {
   }
   return findings;
 }
-function checkTestCoverage(diff) {
+var TEST_COVERAGE_LARGE_CHANGE_THRESHOLD = 15;
+async function checkTestCoverage(diff, cwd) {
   const findings = [];
   const changedSrc = [];
   const changedTests = /* @__PURE__ */ new Set();
@@ -24734,22 +24784,35 @@ function checkTestCoverage(diff) {
       changedTests.add(file.path);
     } else if (/\.(ts|tsx|js|jsx)$/.test(file.path)) {
       if (file.additions > 5) {
-        changedSrc.push(file.path);
+        changedSrc.push({ path: file.path, additions: file.additions });
       }
     }
   }
   for (const src of changedSrc) {
-    const baseName = src.replace(/\.(ts|tsx|js|jsx)$/, "");
+    const baseName = src.path.replace(/\.(ts|tsx|js|jsx)$/, "");
     const hasTestChange = [...changedTests].some(
       (t) => t.includes(baseName.split("/").pop()) || t.startsWith(baseName)
     );
     if (!hasTestChange) {
-      findings.push({
-        file: src,
-        severity: "minor",
-        category: "testing",
-        message: "Logic changes without corresponding test updates"
-      });
+      const ext = src.path.match(/\.(ts|tsx|js|jsx)$/)?.[0] ?? ".ts";
+      const testExists = await fileExists(path20__default.join(cwd, `${baseName}.test${ext}`)) || await fileExists(path20__default.join(cwd, `${baseName}.spec${ext}`));
+      if (testExists) {
+        if (src.additions >= TEST_COVERAGE_LARGE_CHANGE_THRESHOLD) {
+          findings.push({
+            file: src.path,
+            severity: "info",
+            category: "testing",
+            message: "Test file exists but was not updated \u2014 verify existing tests cover these changes"
+          });
+        }
+      } else {
+        findings.push({
+          file: src.path,
+          severity: "minor",
+          category: "testing",
+          message: "Logic changes without corresponding test updates"
+        });
+      }
     }
   }
   return findings;
@@ -24899,7 +24962,7 @@ Examples:
       const maturity = maturityInfo.level;
       let allFindings = [];
       allFindings.push(...analyzePatterns(diff));
-      allFindings.push(...checkTestCoverage(diff));
+      allFindings.push(...await checkTestCoverage(diff, projectDir));
       allFindings.push(...checkDocumentation(diff));
       if (runLinter) {
         try {
@@ -24950,8 +25013,8 @@ Examples:
   }
 });
 var reviewTools = [reviewCodeTool];
-var fs28 = await import('fs/promises');
-var path26 = await import('path');
+var fs29 = await import('fs/promises');
+var path28 = await import('path');
 var { glob: glob12 } = await import('glob');
 var DEFAULT_MAX_FILES = 200;
 var LANGUAGE_EXTENSIONS = {
@@ -24977,7 +25040,7 @@ var DEFAULT_EXCLUDES = [
   "**/*.d.ts"
 ];
 function detectLanguage2(filePath) {
-  const ext = path26.extname(filePath).toLowerCase();
+  const ext = path28.extname(filePath).toLowerCase();
   for (const [lang, extensions] of Object.entries(LANGUAGE_EXTENSIONS)) {
     if (extensions.includes(ext)) return lang;
   }
@@ -25386,9 +25449,9 @@ Examples:
   }),
   async execute({ path: rootPath, include, exclude, languages, maxFiles, depth }) {
     const startTime = performance.now();
-    const absPath = path26.resolve(rootPath);
+    const absPath = path28.resolve(rootPath);
     try {
-      const stat2 = await fs28.stat(absPath);
+      const stat2 = await fs29.stat(absPath);
       if (!stat2.isDirectory()) {
         throw new ToolError(`Path is not a directory: ${absPath}`, {
           tool: "codebase_map"
@@ -25425,14 +25488,14 @@ Examples:
     let totalDefinitions = 0;
     let exportedSymbols = 0;
     for (const file of limitedFiles) {
-      const fullPath = path26.join(absPath, file);
+      const fullPath = path28.join(absPath, file);
       const language = detectLanguage2(file);
       if (!language) continue;
       if (languages && !languages.includes(language)) {
         continue;
       }
       try {
-        const content = await fs28.readFile(fullPath, "utf-8");
+        const content = await fs29.readFile(fullPath, "utf-8");
         const lineCount = content.split("\n").length;
         const parsed = parseFile(content, language);
         const definitions = depth === "overview" ? parsed.definitions.filter((d) => d.exported) : parsed.definitions;
@@ -25465,23 +25528,23 @@ Examples:
 });
 var codebaseMapTools = [codebaseMapTool];
 init_paths();
-var fs29 = await import('fs/promises');
-var path27 = await import('path');
-var crypto2 = await import('crypto');
-var GLOBAL_MEMORIES_DIR = path27.join(COCO_HOME, "memories");
+var fs30 = await import('fs/promises');
+var path29 = await import('path');
+var crypto3 = await import('crypto');
+var GLOBAL_MEMORIES_DIR = path29.join(COCO_HOME, "memories");
 var PROJECT_MEMORIES_DIR = ".coco/memories";
 var DEFAULT_MAX_MEMORIES = 1e3;
 async function ensureDir2(dirPath) {
-  await fs29.mkdir(dirPath, { recursive: true });
+  await fs30.mkdir(dirPath, { recursive: true });
 }
 function getMemoriesDir(scope) {
   return scope === "global" ? GLOBAL_MEMORIES_DIR : PROJECT_MEMORIES_DIR;
 }
 async function loadIndex(scope) {
   const dir = getMemoriesDir(scope);
-  const indexPath = path27.join(dir, "index.json");
+  const indexPath = path29.join(dir, "index.json");
   try {
-    const content = await fs29.readFile(indexPath, "utf-8");
+    const content = await fs30.readFile(indexPath, "utf-8");
     return JSON.parse(content);
   } catch {
     return [];
@@ -25490,14 +25553,14 @@ async function loadIndex(scope) {
 async function saveIndex(scope, index) {
   const dir = getMemoriesDir(scope);
   await ensureDir2(dir);
-  const indexPath = path27.join(dir, "index.json");
-  await fs29.writeFile(indexPath, JSON.stringify(index, null, 2), "utf-8");
+  const indexPath = path29.join(dir, "index.json");
+  await fs30.writeFile(indexPath, JSON.stringify(index, null, 2), "utf-8");
 }
 async function loadMemory(scope, id) {
   const dir = getMemoriesDir(scope);
-  const memPath = path27.join(dir, `${id}.json`);
+  const memPath = path29.join(dir, `${id}.json`);
   try {
-    const content = await fs29.readFile(memPath, "utf-8");
+    const content = await fs30.readFile(memPath, "utf-8");
     return JSON.parse(content);
   } catch {
     return null;
@@ -25506,8 +25569,8 @@ async function loadMemory(scope, id) {
 async function saveMemory(scope, memory) {
   const dir = getMemoriesDir(scope);
   await ensureDir2(dir);
-  const memPath = path27.join(dir, `${memory.id}.json`);
-  await fs29.writeFile(memPath, JSON.stringify(memory, null, 2), "utf-8");
+  const memPath = path29.join(dir, `${memory.id}.json`);
+  await fs30.writeFile(memPath, JSON.stringify(memory, null, 2), "utf-8");
 }
 var createMemoryTool = defineTool({
   name: "create_memory",
@@ -25549,7 +25612,7 @@ Examples:
         { tool: "create_memory" }
       );
     }
-    const id = crypto2.randomUUID();
+    const id = crypto3.randomUUID();
     const memory = {
       id,
       key,
@@ -25659,17 +25722,17 @@ Examples:
   }
 });
 var memoryTools = [createMemoryTool, recallMemoryTool, listMemoriesTool];
-var fs30 = await import('fs/promises');
-var crypto3 = await import('crypto');
+var fs31 = await import('fs/promises');
+var crypto4 = await import('crypto');
 var CHECKPOINT_FILE = ".coco/checkpoints.json";
 var DEFAULT_MAX_CHECKPOINTS = 50;
 var STASH_PREFIX = "coco-cp";
 async function ensureCocoDir() {
-  await fs30.mkdir(".coco", { recursive: true });
+  await fs31.mkdir(".coco", { recursive: true });
 }
 async function loadCheckpoints() {
   try {
-    const content = await fs30.readFile(CHECKPOINT_FILE, "utf-8");
+    const content = await fs31.readFile(CHECKPOINT_FILE, "utf-8");
     return JSON.parse(content);
   } catch {
     return [];
@@ -25677,7 +25740,7 @@ async function loadCheckpoints() {
 }
 async function saveCheckpoints(checkpoints) {
   await ensureCocoDir();
-  await fs30.writeFile(CHECKPOINT_FILE, JSON.stringify(checkpoints, null, 2), "utf-8");
+  await fs31.writeFile(CHECKPOINT_FILE, JSON.stringify(checkpoints, null, 2), "utf-8");
 }
 async function execGit(args) {
   const { execaCommand } = await import('execa');
@@ -25715,7 +25778,7 @@ Examples:
     description: z.string().min(1).max(200).describe("Description of this checkpoint")
   }),
   async execute({ description }) {
-    const id = crypto3.randomUUID().slice(0, 8);
+    const id = crypto4.randomUUID().slice(0, 8);
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const stashMessage = `${STASH_PREFIX}-${id}-${description.replace(/\s+/g, "-").slice(0, 50)}`;
     const changedFiles = await getChangedFiles();
@@ -25837,8 +25900,8 @@ Examples:
   }
 });
 var checkpointTools = [createCheckpointTool, restoreCheckpointTool, listCheckpointsTool];
-var fs31 = await import('fs/promises');
-var path28 = await import('path');
+var fs32 = await import('fs/promises');
+var path30 = await import('path');
 var { glob: glob13 } = await import('glob');
 var INDEX_DIR = ".coco/search-index";
 var DEFAULT_CHUNK_SIZE = 20;
@@ -25964,20 +26027,20 @@ async function getEmbedding(text9) {
 }
 async function loadIndex2(indexDir) {
   try {
-    const indexPath = path28.join(indexDir, "index.json");
-    const content = await fs31.readFile(indexPath, "utf-8");
+    const indexPath = path30.join(indexDir, "index.json");
+    const content = await fs32.readFile(indexPath, "utf-8");
     return JSON.parse(content);
   } catch {
     return null;
   }
 }
 async function saveIndex2(indexDir, index) {
-  await fs31.mkdir(indexDir, { recursive: true });
-  const indexPath = path28.join(indexDir, "index.json");
-  await fs31.writeFile(indexPath, JSON.stringify(index), "utf-8");
+  await fs32.mkdir(indexDir, { recursive: true });
+  const indexPath = path30.join(indexDir, "index.json");
+  await fs32.writeFile(indexPath, JSON.stringify(index), "utf-8");
 }
 function isBinary(filePath) {
-  return BINARY_EXTENSIONS.has(path28.extname(filePath).toLowerCase());
+  return BINARY_EXTENSIONS.has(path30.extname(filePath).toLowerCase());
 }
 var semanticSearchTool = defineTool({
   name: "semantic_search",
@@ -26002,8 +26065,8 @@ Examples:
     const effectivePath = rootPath ?? ".";
     const effectiveMaxResults = maxResults ?? 10;
     const effectiveThreshold = threshold ?? 0.3;
-    const absPath = path28.resolve(effectivePath);
-    const indexDir = path28.join(absPath, INDEX_DIR);
+    const absPath = path30.resolve(effectivePath);
+    const indexDir = path30.join(absPath, INDEX_DIR);
     let index = reindex ? null : await loadIndex2(indexDir);
     if (!index) {
       const pattern = include ?? "**/*";
@@ -26016,10 +26079,10 @@ Examples:
       const chunks = [];
       for (const file of files) {
         if (isBinary(file)) continue;
-        const fullPath = path28.join(absPath, file);
+        const fullPath = path30.join(absPath, file);
         try {
-          const stat2 = await fs31.stat(fullPath);
-          const content = await fs31.readFile(fullPath, "utf-8");
+          const stat2 = await fs32.stat(fullPath);
+          const content = await fs32.readFile(fullPath, "utf-8");
           if (content.length > 1e5) continue;
           const fileChunks = chunkContent(content, DEFAULT_CHUNK_SIZE);
           for (const chunk of fileChunks) {
@@ -26078,8 +26141,8 @@ Examples:
   }
 });
 var semanticSearchTools = [semanticSearchTool];
-var fs32 = await import('fs/promises');
-var path29 = await import('path');
+var fs33 = await import('fs/promises');
+var path31 = await import('path');
 var { glob: glob14 } = await import('glob');
 async function parseClassRelationships(rootPath, include) {
   const pattern = include ?? "**/*.{ts,tsx,js,jsx}";
@@ -26092,7 +26155,7 @@ async function parseClassRelationships(rootPath, include) {
   const interfaces = [];
   for (const file of files.slice(0, 100)) {
     try {
-      const content = await fs32.readFile(path29.join(rootPath, file), "utf-8");
+      const content = await fs33.readFile(path31.join(rootPath, file), "utf-8");
       const lines = content.split("\n");
       for (let i = 0; i < lines.length; i++) {
         const line = lines[i];
@@ -26211,14 +26274,14 @@ async function generateClassDiagram(rootPath, include) {
   };
 }
 async function generateArchitectureDiagram(rootPath) {
-  const entries = await fs32.readdir(rootPath, { withFileTypes: true });
+  const entries = await fs33.readdir(rootPath, { withFileTypes: true });
   const dirs = entries.filter(
     (e) => e.isDirectory() && !e.name.startsWith(".") && !["node_modules", "dist", "build", "coverage", "__pycache__", "target"].includes(e.name)
   );
   const lines = ["graph TD"];
   let nodeCount = 0;
   let edgeCount = 0;
-  const rootName = path29.basename(rootPath);
+  const rootName = path31.basename(rootPath);
   lines.push(`  ROOT["${rootName}"]`);
   nodeCount++;
   for (const dir of dirs) {
@@ -26228,7 +26291,7 @@ async function generateArchitectureDiagram(rootPath) {
     nodeCount++;
     edgeCount++;
     try {
-      const subEntries = await fs32.readdir(path29.join(rootPath, dir.name), {
+      const subEntries = await fs33.readdir(path31.join(rootPath, dir.name), {
         withFileTypes: true
       });
       const subDirs = subEntries.filter(
@@ -26351,7 +26414,7 @@ Examples:
         tool: "generate_diagram"
       });
     }
-    const absPath = rootPath ? path29.resolve(rootPath) : process.cwd();
+    const absPath = rootPath ? path31.resolve(rootPath) : process.cwd();
     switch (type) {
       case "class":
         return generateClassDiagram(absPath, include);
@@ -26412,8 +26475,8 @@ Examples:
   }
 });
 var diagramTools = [generateDiagramTool];
-var fs33 = await import('fs/promises');
-var path30 = await import('path');
+var fs34 = await import('fs/promises');
+var path32 = await import('path');
 var DEFAULT_MAX_PAGES = 20;
 var MAX_FILE_SIZE = 50 * 1024 * 1024;
 function parsePageRange(rangeStr, totalPages) {
@@ -26448,9 +26511,9 @@ Examples:
   }),
   async execute({ path: filePath, pages, maxPages }) {
     const startTime = performance.now();
-    const absPath = path30.resolve(filePath);
+    const absPath = path32.resolve(filePath);
     try {
-      const stat2 = await fs33.stat(absPath);
+      const stat2 = await fs34.stat(absPath);
       if (!stat2.isFile()) {
         throw new ToolError(`Path is not a file: ${absPath}`, {
           tool: "read_pdf"
@@ -26481,7 +26544,7 @@ Examples:
     }
     try {
       const pdfParse = await import('pdf-parse');
-      const dataBuffer = await fs33.readFile(absPath);
+      const dataBuffer = await fs34.readFile(absPath);
       const pdfData = await pdfParse.default(dataBuffer, {
         max: maxPages
       });
@@ -26527,8 +26590,8 @@ Examples:
   }
 });
 var pdfTools = [readPdfTool];
-var fs34 = await import('fs/promises');
-var path31 = await import('path');
+var fs35 = await import('fs/promises');
+var path33 = await import('path');
 var SUPPORTED_FORMATS = /* @__PURE__ */ new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".bmp"]);
 var MAX_IMAGE_SIZE = 20 * 1024 * 1024;
 var MIME_TYPES = {
@@ -26556,15 +26619,15 @@ Examples:
   async execute({ path: filePath, prompt, provider }) {
     const startTime = performance.now();
     const effectivePrompt = prompt ?? "Describe this image in detail. If it's code or a UI, identify the key elements.";
-    const absPath = path31.resolve(filePath);
+    const absPath = path33.resolve(filePath);
     const cwd = process.cwd();
-    if (!absPath.startsWith(cwd + path31.sep) && absPath !== cwd) {
+    if (!absPath.startsWith(cwd + path33.sep) && absPath !== cwd) {
       throw new ToolError(
         `Path traversal denied: '${filePath}' resolves outside the project directory`,
         { tool: "read_image" }
       );
     }
-    const ext = path31.extname(absPath).toLowerCase();
+    const ext = path33.extname(absPath).toLowerCase();
     if (!SUPPORTED_FORMATS.has(ext)) {
       throw new ToolError(
         `Unsupported image format '${ext}'. Supported: ${Array.from(SUPPORTED_FORMATS).join(", ")}`,
@@ -26572,7 +26635,7 @@ Examples:
       );
     }
     try {
-      const stat2 = await fs34.stat(absPath);
+      const stat2 = await fs35.stat(absPath);
       if (!stat2.isFile()) {
         throw new ToolError(`Path is not a file: ${absPath}`, {
           tool: "read_image"
@@ -26593,7 +26656,7 @@ Examples:
       if (error instanceof ToolError) throw error;
       throw error;
     }
-    const imageBuffer = await fs34.readFile(absPath);
+    const imageBuffer = await fs35.readFile(absPath);
     const base64 = imageBuffer.toString("base64");
     const mimeType = MIME_TYPES[ext] ?? "image/png";
     const selectedProvider = provider ?? "anthropic";
@@ -26706,7 +26769,7 @@ Examples:
   }
 });
 var imageTools = [readImageTool];
-var path32 = await import('path');
+var path34 = await import('path');
 var DANGEROUS_PATTERNS2 = [
   /\bDROP\s+(?:TABLE|DATABASE|INDEX|VIEW)\b/i,
   /\bTRUNCATE\b/i,
@@ -26737,7 +26800,7 @@ Examples:
   async execute({ database, query, params, readonly: isReadonlyParam }) {
     const isReadonly = isReadonlyParam ?? true;
     const startTime = performance.now();
-    const absPath = path32.resolve(database);
+    const absPath = path34.resolve(database);
     if (isReadonly && isDangerousSql(query)) {
       throw new ToolError(
         "Write operations (INSERT, UPDATE, DELETE, DROP, ALTER, TRUNCATE, CREATE) are blocked in readonly mode. Set readonly: false to allow writes.",
@@ -26810,7 +26873,7 @@ Examples:
   }),
   async execute({ database, table }) {
     const startTime = performance.now();
-    const absPath = path32.resolve(database);
+    const absPath = path34.resolve(database);
     try {
       const { default: Database } = await import('better-sqlite3');
       const db = new Database(absPath, { readonly: true, fileMustExist: true });
@@ -26981,14 +27044,14 @@ var findMissingImportsTool = defineTool({
   }
 });
 var astValidatorTools = [validateCodeTool, findMissingImportsTool];
-var fs35 = await import('fs/promises');
-var path33 = await import('path');
+var fs36 = await import('fs/promises');
+var path35 = await import('path');
 var AnalyzeFileSchema = z.object({
   filePath: z.string().describe("Path to file to analyze"),
   includeAst: z.boolean().default(false).describe("Include AST in result")
 });
 async function analyzeFile(filePath, includeAst = false) {
-  const content = await fs35.readFile(filePath, "utf-8");
+  const content = await fs36.readFile(filePath, "utf-8");
   const lines = content.split("\n").length;
   const functions = [];
   const classes = [];
@@ -27092,10 +27155,10 @@ async function analyzeDirectory(dirPath) {
     try {
       const analysis = await analyzeFile(file, false);
       totalLines += analysis.lines;
-      const ext = path33.extname(file);
+      const ext = path35.extname(file);
       filesByType[ext] = (filesByType[ext] || 0) + 1;
       fileStats.push({
-        file: path33.relative(dirPath, file),
+        file: path35.relative(dirPath, file),
         lines: analysis.lines,
         complexity: analysis.complexity.cyclomatic
       });
@@ -27451,13 +27514,13 @@ ${completed.map((r) => `- ${r.agentId}: Success`).join("\n")}`;
   }
 });
 var agentCoordinatorTools = [createAgentPlanTool, delegateTaskTool, aggregateResultsTool];
-var fs36 = await import('fs/promises');
+var fs37 = await import('fs/promises');
 var SuggestImprovementsSchema = z.object({
   filePath: z.string().describe("File to analyze for improvement suggestions"),
   context: z.string().optional().describe("Additional context about the code")
 });
 async function analyzeAndSuggest(filePath, _context) {
-  const content = await fs36.readFile(filePath, "utf-8");
+  const content = await fs37.readFile(filePath, "utf-8");
   const lines = content.split("\n");
   const suggestions = [];
   for (let i = 0; i < lines.length; i++) {
@@ -27549,7 +27612,7 @@ async function analyzeAndSuggest(filePath, _context) {
     if (filePath.endsWith(".ts") && !filePath.includes("test") && !filePath.includes(".d.ts") && line.includes("export ")) {
       const testPath = filePath.replace(".ts", ".test.ts");
       try {
-        await fs36.access(testPath);
+        await fs37.access(testPath);
       } catch {
         suggestions.push({
           type: "testing",
@@ -27606,7 +27669,7 @@ var calculateCodeScoreTool = defineTool({
   async execute(input) {
     const { filePath } = input;
     const suggestions = await analyzeAndSuggest(filePath);
-    const content = await fs36.readFile(filePath, "utf-8");
+    const content = await fs37.readFile(filePath, "utf-8");
     const lines = content.split("\n");
     const nonEmptyLines = lines.filter((l) => l.trim()).length;
     let score = 100;
@@ -27640,8 +27703,8 @@ var calculateCodeScoreTool = defineTool({
   }
 });
 var smartSuggestionsTools = [suggestImprovementsTool, calculateCodeScoreTool];
-var fs37 = await import('fs/promises');
-var path34 = await import('path');
+var fs38 = await import('fs/promises');
+var path36 = await import('path');
 var ContextMemoryStore = class {
   items = /* @__PURE__ */ new Map();
   learnings = /* @__PURE__ */ new Map();
@@ -27653,7 +27716,7 @@ var ContextMemoryStore = class {
   }
   async load() {
     try {
-      const content = await fs37.readFile(this.storePath, "utf-8");
+      const content = await fs38.readFile(this.storePath, "utf-8");
       const data = JSON.parse(content);
       this.items = new Map(Object.entries(data.items || {}));
       this.learnings = new Map(Object.entries(data.learnings || {}));
@@ -27661,15 +27724,15 @@ var ContextMemoryStore = class {
     }
   }
   async save() {
-    const dir = path34.dirname(this.storePath);
-    await fs37.mkdir(dir, { recursive: true });
+    const dir = path36.dirname(this.storePath);
+    await fs38.mkdir(dir, { recursive: true });
     const data = {
       sessionId: this.sessionId,
       items: Object.fromEntries(this.items),
       learnings: Object.fromEntries(this.learnings),
       savedAt: Date.now()
     };
-    await fs37.writeFile(this.storePath, JSON.stringify(data, null, 2));
+    await fs38.writeFile(this.storePath, JSON.stringify(data, null, 2));
   }
   addContext(id, item) {
     this.items.set(id, item);
@@ -27834,11 +27897,11 @@ var contextEnhancerTools = [
   recordLearningTool,
   getLearnedPatternsTool
 ];
-var fs38 = await import('fs/promises');
-var path35 = await import('path');
+var fs39 = await import('fs/promises');
+var path37 = await import('path');
 async function discoverSkills(skillsDir) {
   try {
-    const files = await fs38.readdir(skillsDir);
+    const files = await fs39.readdir(skillsDir);
     return files.filter((f) => f.endsWith(".ts") || f.endsWith(".js"));
   } catch {
     return [];
@@ -27846,12 +27909,12 @@ async function discoverSkills(skillsDir) {
 }
 async function loadSkillMetadata(skillPath) {
   try {
-    const content = await fs38.readFile(skillPath, "utf-8");
+    const content = await fs39.readFile(skillPath, "utf-8");
     const nameMatch = content.match(/@name\s+(\S+)/);
     const descMatch = content.match(/@description\s+(.+)/);
     const versionMatch = content.match(/@version\s+(\S+)/);
     return {
-      name: nameMatch?.[1] || path35.basename(skillPath, path35.extname(skillPath)),
+      name: nameMatch?.[1] || path37.basename(skillPath, path37.extname(skillPath)),
       description: descMatch?.[1] || "No description",
       version: versionMatch?.[1] || "1.0.0",
       dependencies: []
@@ -27895,7 +27958,7 @@ var discoverSkillsTool = defineTool({
     const { skillsDir } = input;
     const skills = await discoverSkills(skillsDir);
     const metadata = await Promise.all(
-      skills.map((s) => loadSkillMetadata(path35.join(skillsDir, s)))
+      skills.map((s) => loadSkillMetadata(path37.join(skillsDir, s)))
     );
     return {
       skillsDir,
@@ -28018,14 +28081,17 @@ export const ${typedInput.name}Tool = defineTool({
   }
 });
 var skillEnhancerTools = [discoverSkillsTool, validateSkillTool, createCustomToolTool];
+function gitExec(cmd, opts = {}) {
+  return execSync(cmd, { encoding: "utf-8", cwd: process.cwd(), ...opts });
+}
 function analyzeRepoHealth() {
   const issues = [];
   const recommendations = [];
   let score = 100;
   try {
     try {
-      execSync("git status --porcelain", { stdio: "pipe" });
-      const status = execSync("git status --porcelain", { encoding: "utf-8" });
+      gitExec("git status --porcelain", { stdio: "pipe" });
+      const status = gitExec("git status --porcelain");
       if (status.trim()) {
         issues.push("Uncommitted changes present");
         score -= 10;
@@ -28033,7 +28099,7 @@ function analyzeRepoHealth() {
     } catch {
     }
     try {
-      const untracked = execSync("git ls-files --others --exclude-standard", { encoding: "utf-8" });
+      const untracked = gitExec("git ls-files --others --exclude-standard");
       if (untracked.trim()) {
         const count = untracked.trim().split("\n").length;
         issues.push(`${count} untracked files`);
@@ -28043,9 +28109,9 @@ function analyzeRepoHealth() {
     } catch {
     }
     try {
-      const branch = execSync("git rev-parse --abbrev-ref HEAD", { encoding: "utf-8" }).trim();
-      const local = execSync("git rev-parse HEAD", { encoding: "utf-8" }).trim();
-      const remote = execSync(`git rev-parse origin/${branch}`, { encoding: "utf-8" }).trim();
+      const branch = gitExec("git rev-parse --abbrev-ref HEAD").trim();
+      const local = gitExec("git rev-parse HEAD").trim();
+      const remote = gitExec(`git rev-parse origin/${branch}`).trim();
       if (local !== remote) {
         issues.push("Branch is not up-to-date with remote");
         score -= 15;
@@ -28054,14 +28120,14 @@ function analyzeRepoHealth() {
     } catch {
     }
     try {
-      const files = execSync("git ls-files", { encoding: "utf-8" }).trim().split("\n");
+      const files = gitExec("git ls-files").trim().split("\n");
       if (files.length > 1e3) {
         recommendations.push("Repository has many files, consider using .gitignore");
       }
     } catch {
     }
     try {
-      const conflicts = execSync("git diff --name-only --diff-filter=U", { encoding: "utf-8" });
+      const conflicts = gitExec("git diff --name-only --diff-filter=U");
       if (conflicts.trim()) {
         issues.push("Merge conflicts present");
         score -= 30;
@@ -28077,12 +28143,11 @@ function analyzeRepoHealth() {
 }
 function getCommitStats() {
   try {
-    const count = execSync("git rev-list --count HEAD", { encoding: "utf-8" }).trim();
-    const authors = execSync('git log --format="%an" | sort -u', {
-      encoding: "utf-8",
+    const count = gitExec("git rev-list --count HEAD").trim();
+    const authors = gitExec('git log --format="%an" | sort -u', {
       shell: "/bin/bash"
     }).trim().split("\n");
-    const lastCommit = execSync('git log -1 --format="%cr"', { encoding: "utf-8" }).trim();
+    const lastCommit = gitExec('git log -1 --format="%cr"').trim();
     return {
       totalCommits: parseInt(count, 10),
       authors,
@@ -28155,7 +28220,7 @@ var recommendBranchTool = defineTool({
     const branchName = `${prefix}/${slug}`;
     let exists = false;
     try {
-      execSync(`git rev-parse --verify ${branchName}`, { stdio: "ignore" });
+      execSync(`git rev-parse --verify ${branchName}`, { cwd: process.cwd(), stdio: "ignore" });
       exists = true;
     } catch {
       exists = false;
@@ -28170,6 +28235,104 @@ var recommendBranchTool = defineTool({
   }
 });
 var gitEnhancedTools = [analyzeRepoHealthTool, getCommitStatsTool, recommendBranchTool];
+init_allowed_paths();
+var BLOCKED_SYSTEM_PATHS2 = [
+  "/etc",
+  "/var",
+  "/usr",
+  "/root",
+  "/sys",
+  "/proc",
+  "/boot",
+  "/bin",
+  "/sbin"
+];
+var authorizePathTool = defineTool({
+  name: "authorize_path",
+  description: `Request user permission to access a directory outside the project root.
+Use this BEFORE attempting file operations on external directories. The user will see
+an interactive prompt where they choose to allow or deny access.
+Returns whether the path was authorized. If authorized, subsequent file operations
+on that directory will succeed.
+Examples:
+- Need to read config from another project: authorize_path({ path: "/home/user/other-project" })
+- Need to access shared libraries: authorize_path({ path: "/opt/shared/libs", reason: "Read shared type definitions" })`,
+  category: "config",
+  parameters: z.object({
+    path: z.string().min(1).describe("Absolute path to the directory to authorize"),
+    reason: z.string().optional().describe("Why access is needed (shown to user for context)")
+  }),
+  async execute({ path: dirPath, reason }) {
+    const absolute = path20__default.resolve(dirPath);
+    if (isWithinAllowedPath(absolute, "read")) {
+      return {
+        authorized: true,
+        path: absolute,
+        message: "Path is already authorized."
+      };
+    }
+    for (const blocked of BLOCKED_SYSTEM_PATHS2) {
+      const normalizedBlocked = path20__default.normalize(blocked);
+      if (absolute === normalizedBlocked || absolute.startsWith(normalizedBlocked + path20__default.sep)) {
+        return {
+          authorized: false,
+          path: absolute,
+          message: `System path '${blocked}' cannot be authorized for security reasons.`
+        };
+      }
+    }
+    const cwd = process.cwd();
+    if (absolute === path20__default.normalize(cwd) || absolute.startsWith(path20__default.normalize(cwd) + path20__default.sep)) {
+      return {
+        authorized: true,
+        path: absolute,
+        message: "Path is within the project directory \u2014 already accessible."
+      };
+    }
+    try {
+      const stat2 = await fs22__default.stat(absolute);
+      if (!stat2.isDirectory()) {
+        return {
+          authorized: false,
+          path: absolute,
+          message: `Not a directory: ${absolute}`
+        };
+      }
+    } catch {
+      return {
+        authorized: false,
+        path: absolute,
+        message: `Directory not found: ${absolute}`
+      };
+    }
+    const existing = getAllowedPaths();
+    if (existing.some((e) => path20__default.normalize(e.path) === path20__default.normalize(absolute))) {
+      return {
+        authorized: true,
+        path: absolute,
+        message: "Path is already authorized."
+      };
+    }
+    const { promptAllowPath: promptAllowPath2 } = await Promise.resolve().then(() => (init_allow_path_prompt(), allow_path_prompt_exports));
+    const wasAuthorized = await promptAllowPath2(absolute);
+    if (wasAuthorized) {
+      return {
+        authorized: true,
+        path: absolute,
+        message: `Access granted to ${absolute}.${reason ? ` Reason: ${reason}` : ""}`
+      };
+    }
+    return {
+      authorized: false,
+      path: absolute,
+      message: "User denied access to this directory."
+    };
+  }
+});
+var authorizePathTools = [authorizePathTool];
 // src/tools/index.ts
 function registerAllTools(registry) {
@@ -28202,7 +28365,8 @@ function registerAllTools(registry) {
     ...smartSuggestionsTools,
     ...contextEnhancerTools,
     ...skillEnhancerTools,
-    ...gitEnhancedTools
+    ...gitEnhancedTools,
+    ...authorizePathTools
   ];
   for (const tool of allTools) {
     registry.register(tool);
@@ -28602,13 +28766,63 @@ function createIntentRecognizer(config = {}) {
 // src/cli/repl/index.ts
 init_env();
+init_allowed_paths();
 init_trust_store();
-({
-  critical: chalk12.red.bold("CRITICAL"),
-  major: chalk12.red("MAJOR"),
-  minor: chalk12.yellow("minor"),
-  info: chalk12.dim("info")
-});
+var terminalOptions = {
+  // Code blocks
+  code: chalk12.bgGray.white,
+  blockquote: chalk12.gray.italic,
+  // HTML elements
+  html: chalk12.gray,
+  // Headings
+  heading: chalk12.bold.green,
+  firstHeading: chalk12.bold.magenta,
+  // Horizontal rule
+  hr: chalk12.dim,
+  // Lists
+  listitem: chalk12.white,
+  // Tables
+  table: chalk12.white,
+  tableOptions: {
+    chars: {
+      top: "\u2500",
+      "top-mid": "\u252C",
+      "top-left": "\u256D",
+      "top-right": "\u256E",
+      bottom: "\u2500",
+      "bottom-mid": "\u2534",
+      "bottom-left": "\u2570",
+      "bottom-right": "\u256F",
+      left: "\u2502",
+      "left-mid": "\u251C",
+      mid: "\u2500",
+      "mid-mid": "\u253C",
+      right: "\u2502",
+      "right-mid": "\u2524",
+      middle: "\u2502"
+    }
+  },
+  // Emphasis
+  strong: chalk12.bold,
+  em: chalk12.italic,
+  codespan: chalk12.cyan,
+  del: chalk12.strikethrough,
+  // Links
+  link: chalk12.blue.underline,
+  href: chalk12.blue.dim,
+  // Text
+  text: chalk12.white,
+  // Indentation
+  unescape: true,
+  width: 80,
+  showSectionPrefix: false,
+  reflowText: true,
+  tab: 2,
+  // Emoji support
+  emoji: true
+};
+var marked = new Marked();
+marked.use(markedTerminal(terminalOptions));
 var pc = chalk12;
 ({
   pending: pc.dim("\u25CB"),
@@ -28624,24 +28838,6 @@ var pc = chalk12;
 });
 // src/cli/repl/index.ts
-function visualWidth(str) {
-  const stripped = str.replace(/\x1b\[[0-9;]*m/g, "");
-  let width = 0;
-  for (const char of stripped) {
-    const cp = char.codePointAt(0) || 0;
-    if (cp > 128512 || cp >= 9728 && cp <= 10175 || cp >= 127744 && cp <= 129750 || cp >= 129280 && cp <= 129535 || cp >= 9986 && cp <= 10160 || cp >= 65024 && cp <= 65039 || cp === 8205) {
-      width += 2;
-    } else if (
-      // CJK Unified Ideographs and other wide characters
-      cp >= 4352 && cp <= 4447 || cp >= 11904 && cp <= 12350 || cp >= 12352 && cp <= 13247 || cp >= 19968 && cp <= 40959 || cp >= 63744 && cp <= 64255 || cp >= 65072 && cp <= 65135 || cp >= 65281 && cp <= 65376 || cp >= 65504 && cp <= 65510
-    ) {
-      width += 2;
-    } else {
-      width += 1;
-    }
-  }
-  return width;
-}
 async function startRepl(options = {}) {
   const projectPath = options.projectPath ?? process.cwd();
   const session = createSession(projectPath, options.config);
@@ -28781,11 +28977,21 @@ async function startRepl(options = {}) {
         activeSpinner.start();
       }
     };
+    let thinkingInterval = null;
+    let thinkingStartTime = null;
+    const clearThinkingInterval = () => {
+      if (thinkingInterval) {
+        clearInterval(thinkingInterval);
+        thinkingInterval = null;
+      }
+      thinkingStartTime = null;
+    };
     const abortController = new AbortController();
     let wasAborted = false;
     const sigintHandler = () => {
       wasAborted = true;
       abortController.abort();
+      clearThinkingInterval();
       clearSpinner();
       renderInfo("\nOperation cancelled");
     };
@@ -28824,8 +29030,19 @@ async function startRepl(options = {}) {
         },
         onThinkingStart: () => {
           setSpinner("Thinking...");
+          thinkingStartTime = Date.now();
+          thinkingInterval = setInterval(() => {
+            if (!thinkingStartTime) return;
+            const elapsed = Math.floor((Date.now() - thinkingStartTime) / 1e3);
+            if (elapsed < 4) return;
+            if (elapsed < 8) setSpinner("Analyzing request...");
+            else if (elapsed < 12) setSpinner("Planning approach...");
+            else if (elapsed < 16) setSpinner("Preparing tools...");
+            else setSpinner(`Still working... (${elapsed}s)`);
+          }, 2e3);
         },
         onThinkingEnd: () => {
+          clearThinkingInterval();
           clearSpinner();
         },
         onToolPreparing: (toolName) => {
@@ -28836,6 +29053,7 @@ async function startRepl(options = {}) {
         },
         signal: abortController.signal
       });
+      clearThinkingInterval();
       process.off("SIGINT", sigintHandler);
       if (wasAborted || result.aborted) {
         if (result.partialContent) {
@@ -28888,6 +29106,7 @@ async function startRepl(options = {}) {
       }
       console.log();
     } catch (error) {
+      clearThinkingInterval();
       clearSpinner();
       process.off("SIGINT", sigintHandler);
       if (error instanceof Error && error.name === "AbortError") {
@@ -28920,40 +29139,30 @@ async function startRepl(options = {}) {
   inputHandler.close();
 }
 async function printWelcome(session) {
-  const providerType = session.config.provider.type;
-  const model = session.config.provider.model || "default";
-  const isReturningUser = existsSync(path20__default.join(session.projectPath, ".coco"));
-  if (isReturningUser) {
-    const versionStr = chalk12.dim(`v${VERSION}`);
-    const providerStr = chalk12.dim(`${providerType}/${model}`);
-    console.log(
-      `
-  \u{1F965} Coco ${versionStr} ${chalk12.dim("\u2502")} ${providerStr} ${chalk12.dim("\u2502")} ${chalk12.yellow("/help")}
-`
-    );
-    return;
-  }
   const trustStore = createTrustStore();
   await trustStore.init();
   const trustLevel = trustStore.getLevel(session.projectPath);
   const boxWidth = 41;
-  const innerWidth = boxWidth - 4;
-  const titleContent = "\u{1F965} CORBAT-COCO";
+  const innerWidth = boxWidth - 2;
   const versionText = `v${VERSION}`;
-  const titleContentVisualWidth = visualWidth(titleContent);
-  const versionVisualWidth = visualWidth(versionText);
-  const titlePadding = innerWidth - titleContentVisualWidth - versionVisualWidth;
   const subtitleText = "open source \u2022 corbat.tech";
-  const subtitleVisualWidth = visualWidth(subtitleText);
-  const subtitlePadding = innerWidth - subtitleVisualWidth;
+  const boxLine = (content) => {
+    const pad = Math.max(0, innerWidth - stringWidth(content));
+    return chalk12.magenta("\u2502") + content + " ".repeat(pad) + chalk12.magenta("\u2502");
+  };
+  const titleLeftRaw = " COCO";
+  const titleRightRaw = versionText + " ";
+  const titleLeftStyled = " " + chalk12.bold.white("COCO");
+  const titleGap = Math.max(1, innerWidth - stringWidth(titleLeftRaw) - stringWidth(titleRightRaw));
+  const titleContent = titleLeftStyled + " ".repeat(titleGap) + chalk12.dim(titleRightRaw);
+  const taglineText = "code that converges to quality";
+  const taglineContent = " " + chalk12.magenta(taglineText) + " ";
+  const subtitleContent = " " + chalk12.dim(subtitleText) + " ";
   console.log();
   console.log(chalk12.magenta("  \u256D" + "\u2500".repeat(boxWidth - 2) + "\u256E"));
-  console.log(
-    chalk12.magenta("  \u2502 ") + "\u{1F965} " + chalk12.bold.white("CORBAT-COCO") + " ".repeat(Math.max(0, titlePadding)) + chalk12.dim(versionText) + chalk12.magenta(" \u2502")
-  );
-  console.log(
-    chalk12.magenta("  \u2502 ") + chalk12.dim(subtitleText) + " ".repeat(Math.max(0, subtitlePadding)) + chalk12.magenta(" \u2502")
-  );
+  console.log("  " + boxLine(titleContent));
+  console.log("  " + boxLine(taglineContent));
+  console.log("  " + boxLine(subtitleContent));
   console.log(chalk12.magenta("  \u2570" + "\u2500".repeat(boxWidth - 2) + "\u256F"));
   const updateInfo = await checkForUpdates();
   if (updateInfo) {
@@ -28968,11 +29177,14 @@ async function printWelcome(session) {
   if (displayPath.length > maxPathLen) {
     displayPath = "..." + displayPath.slice(-maxPathLen + 3);
   }
+  const lastSep = displayPath.lastIndexOf("/");
+  const parentPath = lastSep > 0 ? displayPath.slice(0, lastSep + 1) : "";
+  const projectName = lastSep > 0 ? displayPath.slice(lastSep + 1) : displayPath;
   const providerName = session.config.provider.type;
   const modelName = session.config.provider.model || "default";
   const trustText = trustLevel === "full" ? "full" : trustLevel === "write" ? "write" : trustLevel === "read" ? "read" : "";
   console.log();
-  console.log(chalk12.dim(`  \u{1F4C1} ${displayPath}`));
+  console.log(chalk12.dim(`  \u{1F4C1} ${parentPath}`) + chalk12.magenta.bold(projectName));
   console.log(
     chalk12.dim(`  \u{1F916} ${providerName}/`) + chalk12.magenta(modelName) + (trustText ? chalk12.dim(` \u2022 \u{1F510} ${trustText}`) : "")
   );
@@ -28994,7 +29206,7 @@ async function checkProjectTrust(projectPath) {
     return true;
   }
   console.log();
-  console.log(chalk12.cyan.bold("  \u{1F965} Corbat-Coco") + chalk12.dim(` v${VERSION}`));
+  console.log(chalk12.cyan.bold("  \u{1F965} Coco") + chalk12.dim(` v${VERSION}`));
   console.log(chalk12.dim(`  \u{1F4C1} ${projectPath}`));
   console.log();
   console.log(chalk12.yellow("  \u26A0 First time accessing this directory"));